177512 – www-client/elinks Untrusted search path (CVE-2007-2027)

Bug 177512 - www-client/elinks Untrusted search path (CVE-2007-2027)

Summary: www-client/elinks Untrusted search path (CVE-2007-2027)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://cve.mitre.org/cgi-bin/cvename....
Whiteboard:	B2 [glsa] jaervosz
Keywords:

Duplicates (1):	177777 (view as bug list)
Depends on:
Blocks:

Reported:	2007-05-07 16:13 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified:	2007-06-28 06:22 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-05-07 16:13:22 UTC

Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 adds "../po" to the search path for .po files, which might allow local users to cause Elinks to use an untrusted gettext message catalog, which can be leveraged to conduct format string attacks.

Comment 1 Jakub Moc (RETIRED) gentoo-dev

2007-05-09 11:48:02 UTC

*** Bug 177777 has been marked as a duplicate of this bug. ***

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-05-19 22:41:17 UTC

spock please advise.

Comment 3 Michal Januszewski (RETIRED) gentoo-dev

2007-05-21 17:24:02 UTC

This is now fixed in CVS thanks to a patch pulled from the elinks GIT tree.

Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-05-21 18:30:57 UTC

Thx Micheal. 

Could you make a revbump of the latest stable so users can use glsa-check to upgrade and arches have a chance to test?

Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-05-21 18:46:15 UTC

Woops didn't mean to CC arches already. Sorry for the noise.

Comment 6 Michal Januszewski (RETIRED) gentoo-dev

2007-05-21 21:00:09 UTC

Done, 0.11.2-r1 is in CVS now.

Comment 7 Pierre-Yves Rofes (RETIRED) gentoo-dev

2007-05-31 09:44:03 UTC

Jaervosz, seems it's ok for calling arches this time :)

Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-06-01 05:54:27 UTC

Thx for the reminder:-)

Arches please test and mark stable. Target keywords are:

elinks-0.11.2-r1.ebuild:KEYWORDS="alpha amd64 hppa mips ppc ppc64 sparc x86 ~x86-fbsd"

Comment 9 Raúl Porcel (RETIRED) gentoo-dev

2007-06-01 12:36:08 UTC

alpha/x86 stable

Comment 10 Peter Weller (RETIRED) gentoo-dev

2007-06-01 12:45:43 UTC

amd64 done

Comment 11 Gustavo Zacarias (RETIRED) gentoo-dev

2007-06-01 13:27:11 UTC

sparc stable.

Comment 12 Brent Baude (RETIRED) gentoo-dev

2007-06-01 14:49:42 UTC

ppc64 stable

Comment 13 Jeroen Roovers (RETIRED) gentoo-dev

2007-06-01 16:12:19 UTC

Stable for HPPA.

Comment 14 René Nussbaumer (RETIRED) gentoo-dev

2007-06-02 20:09:19 UTC

stable on ppc

Comment 15 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2007-06-07 21:30:56 UTC

GLS 200706-03, thanks everybody!

mips don't forget to mark stable to befenit from the glsa

Comment 16 Joshua Kinard gentoo-dev

2007-06-28 06:22:11 UTC

mips stable.